mirror of
https://github.com/borgbackup/borg.git
synced 2024-12-25 01:06:50 +00:00
borg.key: include chunk id in exception msgs
this is a backport of bcdce91dfb2883c139011322a9e8086059fbe5c2 improvements on the exception msgs.
This commit is contained in:
parent
5ccc124667
commit
5f337e2c9c
1 changed files with 6 additions and 6 deletions
12
borg/key.py
12
borg/key.py
|
@ -105,10 +105,10 @@ def encrypt(self, data):
|
||||||
|
|
||||||
def decrypt(self, id, data):
|
def decrypt(self, id, data):
|
||||||
if data[0] != self.TYPE:
|
if data[0] != self.TYPE:
|
||||||
raise IntegrityError('Invalid encryption envelope')
|
raise IntegrityError('Chunk %s: Invalid encryption envelope' % bin_to_hex(id))
|
||||||
data = self.compressor.decompress(memoryview(data)[1:])
|
data = self.compressor.decompress(memoryview(data)[1:])
|
||||||
if id and sha256(data).digest() != id:
|
if id and sha256(data).digest() != id:
|
||||||
raise IntegrityError('Chunk id verification failed')
|
raise IntegrityError('Chunk %s: id verification failed' % bin_to_hex(id))
|
||||||
return data
|
return data
|
||||||
|
|
||||||
|
|
||||||
|
@ -142,24 +142,24 @@ def encrypt(self, data):
|
||||||
def decrypt(self, id, data):
|
def decrypt(self, id, data):
|
||||||
if not (data[0] == self.TYPE or
|
if not (data[0] == self.TYPE or
|
||||||
data[0] == PassphraseKey.TYPE and isinstance(self, RepoKey)):
|
data[0] == PassphraseKey.TYPE and isinstance(self, RepoKey)):
|
||||||
raise IntegrityError('Invalid encryption envelope')
|
raise IntegrityError('Chunk %s: Invalid encryption envelope' % bin_to_hex(id))
|
||||||
hmac_given = memoryview(data)[1:33]
|
hmac_given = memoryview(data)[1:33]
|
||||||
hmac_computed = memoryview(HMAC(self.enc_hmac_key, memoryview(data)[33:], sha256).digest())
|
hmac_computed = memoryview(HMAC(self.enc_hmac_key, memoryview(data)[33:], sha256).digest())
|
||||||
if not compare_digest(hmac_computed, hmac_given):
|
if not compare_digest(hmac_computed, hmac_given):
|
||||||
raise IntegrityError('Encryption envelope checksum mismatch')
|
raise IntegrityError('Chunk %s: Encryption envelope checksum mismatch' % bin_to_hex(id))
|
||||||
self.dec_cipher.reset(iv=PREFIX + data[33:41])
|
self.dec_cipher.reset(iv=PREFIX + data[33:41])
|
||||||
data = self.compressor.decompress(self.dec_cipher.decrypt(data[41:]))
|
data = self.compressor.decompress(self.dec_cipher.decrypt(data[41:]))
|
||||||
if id:
|
if id:
|
||||||
hmac_given = id
|
hmac_given = id
|
||||||
hmac_computed = HMAC(self.id_key, data, sha256).digest()
|
hmac_computed = HMAC(self.id_key, data, sha256).digest()
|
||||||
if not compare_digest(hmac_computed, hmac_given):
|
if not compare_digest(hmac_computed, hmac_given):
|
||||||
raise IntegrityError('Chunk id verification failed')
|
raise IntegrityError('Chunk %s: Chunk id verification failed' % bin_to_hex(id))
|
||||||
return data
|
return data
|
||||||
|
|
||||||
def extract_nonce(self, payload):
|
def extract_nonce(self, payload):
|
||||||
if not (payload[0] == self.TYPE or
|
if not (payload[0] == self.TYPE or
|
||||||
payload[0] == PassphraseKey.TYPE and isinstance(self, RepoKey)):
|
payload[0] == PassphraseKey.TYPE and isinstance(self, RepoKey)):
|
||||||
raise IntegrityError('Invalid encryption envelope')
|
raise IntegrityError('Manifest: Invalid encryption envelope')
|
||||||
nonce = bytes_to_long(payload[33:41])
|
nonce = bytes_to_long(payload[33:41])
|
||||||
return nonce
|
return nonce
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue